rpms
/
kdelibs
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

CVE-2010-0046, security issue in khtml

This commit is contained in:
Than Ngo 2011-11-07 19:38:47 +01:00
parent 93ce084af6
commit d693c5a9f8
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
kdelibs-4.7.3-CVE-0046.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up kdelibs-4.7.3/khtml/css/cssparser.cpp.orig kdelibs-4.7.3/khtml/css/cssparser.cpp
--- kdelibs-4.7.3/khtml/css/cssparser.cpp.orig 2011-11-07 19:14:53.000000000 +0100
+++ kdelibs-4.7.3/khtml/css/cssparser.cpp 2011-11-07 19:15:21.000000000 +0100
@@ -2283,7 +2283,7 @@ bool CSSParser::parseFontFaceSrc()
Value* a = args->current();
uriValue = 0;
parsedValue = new CSSFontFaceSrcValueImpl( domString( a->string ), true /*local src*/ );
- } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue) {
+ } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
expectComma = true;
allowFormat = false;
uriValue->setFormat( domString( args->current()->string ) );

10
kdelibs.spec
View File

@ -23,7 +23,7 @@
Summary: KDE Libraries
Version: 4.7.3
Release: 2%{?dist}
Release: 3%{?dist}
Name: kdelibs
Epoch: 6
@ -129,6 +129,10 @@ Patch51: kdelibs-4.6.2-uri_mimetypes.patch
## security fix
# Not Upstreamed? why not ? -- Rex
Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
# CVE-2010-0046, The Cascading Style Sheets (CSS) implementation in khtml/WebKit
# allows remote attackers to execute arbitrary code or cause a denial of service
# (memory corruption and application crash) via crafted format arguments.
Patch201: kdelibs-4.7.3-CVE-0046.patch
## Fedora specific patches
# make forcefully hal-free build
@ -322,6 +326,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
# security fixes
%patch200 -p1 -b .CVE-2009-2702
%patch201 -p1 -b .CVE-2010-0046
# Fedora patches
%patch300 -p1 -b .halectomy
@ -571,6 +576,9 @@ rm -rf %{buildroot}
%changelog
* Mon Nov 07 2011 Than Ngo <than@redhat.com> - 4.7.3-3
- CVE-2010-0046, security issue in khtml
* Fri Nov 04 2011 Rex Dieter <rdieter@fedoraproject.org> 4.7.3-2
- no_libkactivities